Android Exploits & Vulnerabilities from CISA

Tags:

Vulnerabilities and Exploits From CISA
Written by Eric Cisternelli
Sr. Digital Marketing Manager

This list highlights the latest CISA catalogue entries of Known Exploited Vulnerabilities from Android and Android products in 2022-2023.

 

Product Vulnerability Name Date Added Short Description Required Action Due Date Detail Link
Framework Android Framework Privilege Escalation Vulnerability 2023-09-13 Android Framework contains an unspecified vulnerability that allows for privilege escalation. Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. 2023-10-04 CVE-2023-35674
Mobile Devices Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability 2023-05-19 Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass. Apply updates per vendor instructions. 2023-06-09 CVE-2023-21492
Chrome Google Chrome Skia Integer Overflow Vulnerability 2023-04-21 Google Chrome Skia contains an integer overflow vulnerability. Specific impacts from exploitation are not available at this time. This vulnerability resides in Skia which serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and other products. Apply updates per vendor instructions. 2023-05-12 CVE-2023-2136
Framework Android Framework Privilege Escalation Vulnerability 2023-04-13 Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed. Apply updates per vendor instructions. 2023-05-04 CVE-2023-20963
Android OS Android OS Privilege Escalation Vulnerability 2022-09-08 The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor. Apply updates per vendor instructions. 2022-09-29 CVE-2011-1823
Kernel Android Kernel Use-After-Free Vulnerability 2022-05-23 Android kernel contains a use-after-free vulnerability that allows for privilege escalation. Apply updates per vendor instructions. 2022-06-13 CVE-2021-1048
Kernel Android Kernel Race Condition Vulnerability 2022-05-23 Android kernel contains a race condition, which allows for a use-after-free vulnerability. Exploitation can allow for privilege escalation. Apply updates per vendor instructions. 2022-06-13 CVE-2021-0920

 

Return To Top

See CISA Apple Vulnerabilities